If you have existing set of rules, you can copy it from location below or use mine. The best way is to define your own rules using UFW. Or you can setup your firewall and router server following this guide.

For more about Duplicity and BackupNinja configuration you can read here.

Rsnapshot

Local LAN data backups are done every day using rsnapshot which is configured and run from home-desktop to do snapshots to local RAID1 mirror (/mnt/mirror/.snapshots) from remote home-server NFS export (/disk).

Fail2ban

apt-get install fail2ban

To protect myself from bot scanning zombies and script kiddies I love to use Fail2ban service. It protect my SSH, Postfix (SASL) and Lighttpd checking the failed logins and banning annoying zombies for one year based on their IP addresses.

# monitor ip traffic
tcpdump -n -i vlan99 host 192.168.1.0
tcpdump -i eth1 -n port 8888 or port 7777 and host 192.168.x.x
tcpdump -n -i any host 192.168.1.100 or host 192.168.1.200 and not port 22
tcpdump -n -i any host 192.168.1.100 or host 192.168.1.200 and not port 22 and not net 192.168.3.100/26
tcpdump -n -i any host 192.168.1.100 or host 192.168.1.200 and not port 22 and not net 192.168.3.100/26 and not host 192.168.1.1 and not host 192.168.2.1 and not port 1215 and not port 1212
tcpdump -n -i any -s 1500 -w test_dump_file.dump host 192.168.1.100 or host 192.168.1.200 and not port 22 and not net 192.168.3.100/26 and not host 192.168.1.1 and not host 192.168.2.1 and not port 1215 and not port 1212

chmod u+s … set the permissions to “-rwsr-xr-x”, or similar (note the “s” replacing the usual “x”). That means that you can run certain commands with the permissions of a different user (typically root).